Auto-Update: 2023-10-16T14:00:25.587729+00:00

cad-safe-bot 2023-10-16 14:00:29 +00:00
parent 381928becc
commit 639b1290be
14 changed files with 887 additions and 106 deletions


@ -2,8 +2,8 @@
"id": "CVE-2018-4858",
"sourceIdentifier": "productcert@siemens.com",
"published": "2018-07-09T19:29:00.407",
"lastModified": "2023-10-13T16:45:10.723",
"vulnStatus": "Modified",
"lastModified": "2023-10-16T13:52:15.963",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -15,13 +15,13 @@
}
],
"metrics": {
"cvssMetricV30": [
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
@ -114,19 +114,6 @@
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false
},
{
"operator": "OR",
"negate": false
}
]
},
{
"operator": "AND",
"nodes": [
@ -236,12 +223,32 @@
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:sicam_pas\\/pqs:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8.11",
"matchCriteriaId": "C7EA63B7-CF37-43EC-9F8E-E341A4A7994A"
}
]
}
]
}
],
"references": [
{
"url": "http://www.securityfocus.com/bid/105933",
"source": "productcert@siemens.com"
"source": "productcert@siemens.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-159860.pdf",
@ -252,7 +259,11 @@
},
{
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-317-01",
"source": "productcert@siemens.com"
"source": "productcert@siemens.com",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-27315",
"sourceIdentifier": "security-alert@netapp.com",
"published": "2023-10-12T14:15:10.170",
"lastModified": "2023-10-12T16:08:32.337",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-16T12:56:41.307",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "SnapGathers versions prior to 4.9 are susceptible to a vulnerability \nwhich could allow a local authenticated attacker to discover plaintext \ndomain user credentials"
},
{
"lang": "es",
"value": "Las versiones de SnapGathers anteriores a la 4.9 son susceptibles a una vulnerabilidad que podr\u00eda permitir a un atacante local autenticado descubrir credenciales de usuario de dominio en texto plano."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "security-alert@netapp.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-522"
}
]
},
{
"source": "security-alert@netapp.com",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:snapgathers:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9",
"matchCriteriaId": "D0B2CCF1-1E5F-4DD3-A324-D9974A4316A1"
}
]
}
]
}
],
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20231009-0002/",
"source": "security-alert@netapp.com"
"source": "security-alert@netapp.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-32124",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-12T15:15:46.867",
"lastModified": "2023-10-12T16:08:32.337",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-16T12:56:58.477",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Arul Prasad J Publish Confirm Message plugin <=\u00a01.3.1 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Arul Prasad J Publish Confirm Message en versiones &lt;= 1.3.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arulprasadj:publish_confirm_message:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.3.1",
"matchCriteriaId": "D9DE567E-08A7-43D2-995B-3937CD544D21"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/publish-confirm-message/wordpress-publish-confirm-message-plugin-1-3-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-41131",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-12T15:15:46.980",
"lastModified": "2023-10-12T16:08:32.337",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-16T12:57:06.543",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Jonk @ Follow me Darling Sp*tify Play Button for WordPress plugin <=\u00a02.10 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Jonk @ Follow me Darling Sp*tify Play Button para WordPress en versiones &lt;= 2.10."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:followingmedarling:spotify_play_button:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.10",
"matchCriteriaId": "F8A560C6-CEA4-4A4D-9414-BBEF16E0BE13"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/spotify-play-button-for-wordpress/wordpress-sp-tify-play-button-for-wordpress-plugin-2-10-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,80 @@
"id": "CVE-2023-43149",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-12T18:15:10.943",
"lastModified": "2023-10-12T19:42:47.127",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-16T12:57:49.633",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "SPA-Cart 1.9.0.3 is vulnerable to Cross Site Request Forgery (CSRF) that allows a remote attacker to add an admin user with role status."
},
{
"lang": "es",
"value": "SPA-Cart 1.9.0.3 es vulnerable a Cross Site Request Forgery (CSRF) que permite a un atacante remoto agregar un usuario administrador con estado de rol."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:spa-cart:spa-cart:1.9.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AA86DD4F-E412-4094-9716-3010A69E9384"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/MinoTauro2020/CVE-2023-43149",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Product",
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-4309",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-10T18:15:19.173",
"lastModified": "2023-10-10T18:20:50.797",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-16T13:15:59.920",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Election Services Co. (ESC) Internet Election Service is vulnerable to SQL injection in multiple pages and parameters. These vulnerabilities allow an unauthenticated, remote attacker to read or modify data for any elections that share the same backend database. ESC deactivated older and unused elections and enabled web application firewall (WAF) protection for current and future elections on or around 2023-08-12.\n"
},
{
"lang": "es",
"value": "El servicio electoral de Internet de Election Services Co. (ESC) es vulnerable a la inyecci\u00f3n de SQL en m\u00faltiples p\u00e1ginas y par\u00e1metros. Estas vulnerabilidades permiten que un atacante remoto no autenticado lea o modifique datos para cualquier elecci\u00f3n que comparta la misma base de datos backend. ESC desactiv\u00f3 las elecciones antiguas y no utilizadas y habilit\u00f3 la protecci\u00f3n de firewall de aplicaciones web (WAF) para las elecciones actuales y futuras el 2023-08-12 o alrededor de esa fecha."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cve@mitre.org",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
},
{
"source": "cve@mitre.org",
"type": "Secondary",
@ -46,18 +80,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:electionservicesco:internet_election_service:-:*:*:*:*:*:*:*",
"matchCriteriaId": "78627388-63C2-42E7-B55C-83A012931A9A"
}
]
}
]
}
],
"references": [
{
"url": "https://schemasecurity.co/private-elections.pdf",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.electionservicesco.com/pages/services_internet.php",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "https://www.youtube.com/watch?v=yeG1xZkHc64",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-44987",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-16T12:15:10.200",
"lastModified": "2023-10-16T12:15:10.200",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Timely - Appointment software Timely Booking Button plugin <=\u00a02.0.2 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/timely-booking-button/wordpress-timely-booking-button-plugin-2-0-2-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-45068",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-12T13:15:11.063",
"lastModified": "2023-10-12T16:08:32.337",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-16T12:56:22.313",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Contact Form by Supsystic plugin <=\u00a01.7.27 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Supsystic Contact Form de Supsystic en versiones &lt;= 1.7.27."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:supsystic:contact_form:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.7.27",
"matchCriteriaId": "1344ED26-C3E2-4BAB-8ECA-CD0CA98779EC"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/contact-form-by-supsystic/wordpress-contact-form-by-supsystic-plugin-1-7-24-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-45102",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-12T15:15:47.070",
"lastModified": "2023-10-12T16:08:32.337",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-16T12:57:20.570",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in OTWthemes Blog Manager Light plugin <=\u00a01.20 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento OTWthemes Blog Manager Light en versiones &lt;= 1.20."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:otwthemes:blog_manager_light:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.20",
"matchCriteriaId": "5D46AF0A-F23F-42E6-850C-3FC304F03DAA"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/blog-manager-light/wordpress-blog-manager-light-plugin-1-20-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-45103",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-12T15:15:47.160",
"lastModified": "2023-10-12T16:08:32.337",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-16T12:57:31.997",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in YAS Global Team Permalinks Customizer plugin <=\u00a02.8.2 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento YAS Global Team Permalinks Customize en versiones &lt;= 2.8.2."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -36,7 +60,7 @@
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -44,12 +68,43 @@
"value": "CWE-352"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:yasglobalizer:permalinks_customizer:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.8.2",
"matchCriteriaId": "2A2A5EA7-B9ED-4566-B265-3B8830A6DBDF"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/permalinks-customizer/wordpress-permalinks-customizer-plugin-2-8-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-45106",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-12T15:15:47.253",
"lastModified": "2023-10-12T16:08:32.337",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-16T12:57:39.573",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Fedor Urvanov, Aram Kocharyan Urvanov Syntax Highlighter plugin <=\u00a02.8.33 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Fedor Urvanov, Aram Kocharyan Urvanov Syntax Highlighter en versiones &lt;= 2.8.33."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:urvanov:urvanov_syntax_highlighter:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.8.33",
"matchCriteriaId": "3BD534E6-39A3-46F4-9596-6A1668216F8D"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/urvanov-syntax-highlighter/wordpress-urvanov-syntax-highlighter-plugin-2-8-33-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-46066",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-16T12:15:10.300",
"lastModified": "2023-10-16T12:15:10.300",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Codedrafty Mediabay \u2013 Media Library Folders plugin <=\u00a01.6 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/mediabay-lite/wordpress-mediabay-plugin-1-6-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-5459",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-10-09T19:15:10.457",
"lastModified": "2023-10-10T12:16:32.703",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-16T13:54:13.537",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -15,6 +15,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -65,7 +87,7 @@
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -73,20 +95,231 @@
"value": "CWE-404"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-404"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:deltaww:dvp32es200r_firmware:1.48:*:*:*:*:*:*:*",
"matchCriteriaId": "65F36E2C-B036-4579-B6BE-9AB1903BA1AD"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:deltaww:dvp32es200r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "34AE7177-DABF-4CCB-93AB-E037F9C51631"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:deltaww:dvp32es200t_firmware:1.48:*:*:*:*:*:*:*",
"matchCriteriaId": "D5D0BAEC-A604-4640-BC98-1DCE93422CA9"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:deltaww:dvp32es200t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0DD13A1A-4B91-4983-8AF1-FE02F62769ED"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:deltaww:dvp32es211t_firmware:1.48:*:*:*:*:*:*:*",
"matchCriteriaId": "42449DF0-A166-429D-87FF-7BBE23E39CC9"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:deltaww:dvp32es211t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "775E564A-D28E-4485-AF2C-5835ADE2FEA2"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:deltaww:dvp32es200rc_firmware:1.48:*:*:*:*:*:*:*",
"matchCriteriaId": "9E41C323-54CA-48F6-8CC1-F113A000715E"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:deltaww:dvp32es200rc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "55E6E935-4DE2-44AB-9313-03B793007407"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:deltaww:dvp32es200tc_firmware:1.48:*:*:*:*:*:*:*",
"matchCriteriaId": "C72AC564-35A5-45FA-B783-1CFAAEF1CCF8"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:deltaww:dvp32es200tc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C11B69A-882C-45D0-A2FF-5413330EF819"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:deltaww:dvp32es200re_firmware:1.48:*:*:*:*:*:*:*",
"matchCriteriaId": "42C7EF42-1EEE-4CC9-8C04-4FDE3E1618C4"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:deltaww:dvp32es200re:-:*:*:*:*:*:*:*",
"matchCriteriaId": "60CEE726-4B48-4983-82C9-241EE73FA687"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:deltaww:dvp32es200te_firmware:1.48:*:*:*:*:*:*:*",
"matchCriteriaId": "5EF4FFF4-F5D5-46A4-9863-344226EC7659"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:deltaww:dvp32es200te:-:*:*:*:*:*:*:*",
"matchCriteriaId": "216BD3D7-4C33-4F05-9A52-FBC7EFEB7787"
}
]
}
]
}
],
"references": [
{
"url": "https://drive.google.com/drive/folders/1mUKkl_NPoUENpPUq-pdQQaEEGvKAaIFB",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://vuldb.com/?ctiid.241582",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.241582",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-10-16T12:00:25.179262+00:00
2023-10-16T14:00:25.587729+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-10-16T11:58:00.980000+00:00
2023-10-16T13:54:13.537000+00:00
```
### Last Data Feed Release
@ -29,63 +29,32 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
227899
227901
```
### CVEs added in the last Commit
Recently added CVEs: `19`
Recently added CVEs: `2`
* [CVE-2023-3991](CVE-2023/CVE-2023-39xx/CVE-2023-3991.json) (`2023-10-16T10:15:11.000`)
* [CVE-2023-45639](CVE-2023/CVE-2023-456xx/CVE-2023-45639.json) (`2023-10-16T10:15:11.093`)
* [CVE-2023-45641](CVE-2023/CVE-2023-456xx/CVE-2023-45641.json) (`2023-10-16T10:15:11.173`)
* [CVE-2023-45642](CVE-2023/CVE-2023-456xx/CVE-2023-45642.json) (`2023-10-16T10:15:11.247`)
* [CVE-2023-45643](CVE-2023/CVE-2023-456xx/CVE-2023-45643.json) (`2023-10-16T10:15:11.320`)
* [CVE-2023-45645](CVE-2023/CVE-2023-456xx/CVE-2023-45645.json) (`2023-10-16T10:15:11.393`)
* [CVE-2023-45647](CVE-2023/CVE-2023-456xx/CVE-2023-45647.json) (`2023-10-16T10:15:11.467`)
* [CVE-2023-4457](CVE-2023/CVE-2023-44xx/CVE-2023-4457.json) (`2023-10-16T10:15:12.057`)
* [CVE-2023-44229](CVE-2023/CVE-2023-442xx/CVE-2023-44229.json) (`2023-10-16T11:15:44.500`)
* [CVE-2023-44984](CVE-2023/CVE-2023-449xx/CVE-2023-44984.json) (`2023-10-16T11:15:44.580`)
* [CVE-2023-44985](CVE-2023/CVE-2023-449xx/CVE-2023-44985.json) (`2023-10-16T11:15:44.653`)
* [CVE-2023-44986](CVE-2023/CVE-2023-449xx/CVE-2023-44986.json) (`2023-10-16T11:15:44.727`)
* [CVE-2023-45748](CVE-2023/CVE-2023-457xx/CVE-2023-45748.json) (`2023-10-16T11:15:44.800`)
* [CVE-2023-45749](CVE-2023/CVE-2023-457xx/CVE-2023-45749.json) (`2023-10-16T11:15:44.870`)
* [CVE-2023-45752](CVE-2023/CVE-2023-457xx/CVE-2023-45752.json) (`2023-10-16T11:15:44.943`)
* [CVE-2023-45753](CVE-2023/CVE-2023-457xx/CVE-2023-45753.json) (`2023-10-16T11:15:45.017`)
* [CVE-2023-45763](CVE-2023/CVE-2023-457xx/CVE-2023-45763.json) (`2023-10-16T11:15:45.090`)
* [CVE-2023-45831](CVE-2023/CVE-2023-458xx/CVE-2023-45831.json) (`2023-10-16T11:15:45.163`)
* [CVE-2023-45836](CVE-2023/CVE-2023-458xx/CVE-2023-45836.json) (`2023-10-16T11:15:45.233`)
* [CVE-2023-44987](CVE-2023/CVE-2023-449xx/CVE-2023-44987.json) (`2023-10-16T12:15:10.200`)
* [CVE-2023-46066](CVE-2023/CVE-2023-460xx/CVE-2023-46066.json) (`2023-10-16T12:15:10.300`)
### CVEs modified in the last Commit
Recently modified CVEs: `70`
Recently modified CVEs: `11`
* [CVE-2023-38059](CVE-2023/CVE-2023-380xx/CVE-2023-38059.json) (`2023-10-16T11:58:00.980`)
* [CVE-2023-3392](CVE-2023/CVE-2023-33xx/CVE-2023-3392.json) (`2023-10-16T11:58:00.980`)
* [CVE-2023-43666](CVE-2023/CVE-2023-436xx/CVE-2023-43666.json) (`2023-10-16T11:58:00.980`)
* [CVE-2023-43667](CVE-2023/CVE-2023-436xx/CVE-2023-43667.json) (`2023-10-16T11:58:00.980`)
* [CVE-2023-43668](CVE-2023/CVE-2023-436xx/CVE-2023-43668.json) (`2023-10-16T11:58:00.980`)
* [CVE-2023-45273](CVE-2023/CVE-2023-452xx/CVE-2023-45273.json) (`2023-10-16T11:58:00.980`)
* [CVE-2023-45274](CVE-2023/CVE-2023-452xx/CVE-2023-45274.json) (`2023-10-16T11:58:00.980`)
* [CVE-2023-45605](CVE-2023/CVE-2023-456xx/CVE-2023-45605.json) (`2023-10-16T11:58:00.980`)
* [CVE-2023-45606](CVE-2023/CVE-2023-456xx/CVE-2023-45606.json) (`2023-10-16T11:58:00.980`)
* [CVE-2023-45629](CVE-2023/CVE-2023-456xx/CVE-2023-45629.json) (`2023-10-16T11:58:00.980`)
* [CVE-2023-45638](CVE-2023/CVE-2023-456xx/CVE-2023-45638.json) (`2023-10-16T11:58:00.980`)
* [CVE-2023-45650](CVE-2023/CVE-2023-456xx/CVE-2023-45650.json) (`2023-10-16T11:58:00.980`)
* [CVE-2023-45651](CVE-2023/CVE-2023-456xx/CVE-2023-45651.json) (`2023-10-16T11:58:00.980`)
* [CVE-2023-45653](CVE-2023/CVE-2023-456xx/CVE-2023-45653.json) (`2023-10-16T11:58:00.980`)
* [CVE-2023-45654](CVE-2023/CVE-2023-456xx/CVE-2023-45654.json) (`2023-10-16T11:58:00.980`)
* [CVE-2023-45655](CVE-2023/CVE-2023-456xx/CVE-2023-45655.json) (`2023-10-16T11:58:00.980`)
* [CVE-2023-45656](CVE-2023/CVE-2023-456xx/CVE-2023-45656.json) (`2023-10-16T11:58:00.980`)
* [CVE-2023-45757](CVE-2023/CVE-2023-457xx/CVE-2023-45757.json) (`2023-10-16T11:58:00.980`)
* [CVE-2023-4620](CVE-2023/CVE-2023-46xx/CVE-2023-4620.json) (`2023-10-16T11:58:00.980`)
* [CVE-2023-4822](CVE-2023/CVE-2023-48xx/CVE-2023-4822.json) (`2023-10-16T11:58:00.980`)
* [CVE-2023-4827](CVE-2023/CVE-2023-48xx/CVE-2023-4827.json) (`2023-10-16T11:58:00.980`)
* [CVE-2023-4834](CVE-2023/CVE-2023-48xx/CVE-2023-4834.json) (`2023-10-16T11:58:00.980`)
* [CVE-2023-5421](CVE-2023/CVE-2023-54xx/CVE-2023-5421.json) (`2023-10-16T11:58:00.980`)
* [CVE-2023-5422](CVE-2023/CVE-2023-54xx/CVE-2023-5422.json) (`2023-10-16T11:58:00.980`)
* [CVE-2023-5595](CVE-2023/CVE-2023-55xx/CVE-2023-5595.json) (`2023-10-16T11:58:00.980`)
* [CVE-2018-4858](CVE-2018/CVE-2018-48xx/CVE-2018-4858.json) (`2023-10-16T13:52:15.963`)
* [CVE-2023-45068](CVE-2023/CVE-2023-450xx/CVE-2023-45068.json) (`2023-10-16T12:56:22.313`)
* [CVE-2023-27315](CVE-2023/CVE-2023-273xx/CVE-2023-27315.json) (`2023-10-16T12:56:41.307`)
* [CVE-2023-32124](CVE-2023/CVE-2023-321xx/CVE-2023-32124.json) (`2023-10-16T12:56:58.477`)
* [CVE-2023-41131](CVE-2023/CVE-2023-411xx/CVE-2023-41131.json) (`2023-10-16T12:57:06.543`)
* [CVE-2023-45102](CVE-2023/CVE-2023-451xx/CVE-2023-45102.json) (`2023-10-16T12:57:20.570`)
* [CVE-2023-45103](CVE-2023/CVE-2023-451xx/CVE-2023-45103.json) (`2023-10-16T12:57:31.997`)
* [CVE-2023-45106](CVE-2023/CVE-2023-451xx/CVE-2023-45106.json) (`2023-10-16T12:57:39.573`)
* [CVE-2023-43149](CVE-2023/CVE-2023-431xx/CVE-2023-43149.json) (`2023-10-16T12:57:49.633`)
* [CVE-2023-4309](CVE-2023/CVE-2023-43xx/CVE-2023-4309.json) (`2023-10-16T13:15:59.920`)
* [CVE-2023-5459](CVE-2023/CVE-2023-54xx/CVE-2023-5459.json) (`2023-10-16T13:54:13.537`)
## Download and Usage